From 7210522683e5fe0032f811ff0ad2194e7f2f8ed6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 18 May 2018 14:47:18 +0200 Subject: [PATCH 01/30] environments: experiment with direnv --- environments/rust/.envrc | 1 + environments/rust/default.nix | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 environments/rust/.envrc create mode 100644 environments/rust/default.nix diff --git a/environments/rust/.envrc b/environments/rust/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/environments/rust/.envrc @@ -0,0 +1 @@ +use nix diff --git a/environments/rust/default.nix b/environments/rust/default.nix new file mode 100644 index 0000000..9a124c3 --- /dev/null +++ b/environments/rust/default.nix @@ -0,0 +1,8 @@ +with import {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + zsh + rustup + ]; +} From fc26ac0ca3d8fd756c9540b59671a739a7431ad0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 18 May 2018 14:49:21 +0200 Subject: [PATCH 02/30] git: ignore qcow2 images --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 4cc9af5..b687b22 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.swp result +*.qcow2 From d23b4bbe41fd95661f038939e1018243b55cd376 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 22 May 2018 09:49:00 +0200 Subject: [PATCH 03/30] pkgs: backport staruml pkg For some reason the exact same expression has broken dependencies on master. --- derivations/pkgs/staruml.nix | 57 ++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 derivations/pkgs/staruml.nix diff --git a/derivations/pkgs/staruml.nix b/derivations/pkgs/staruml.nix new file mode 100644 index 0000000..803c12d --- /dev/null +++ b/derivations/pkgs/staruml.nix 
@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, makeWrapper
+, dpkg, patchelf
+, gtk2, glib, gdk_pixbuf, alsaLib, nss, nspr, GConf, cups, libgcrypt, dbus, systemd
+}:
+
+let
+ inherit (stdenv) lib;
+ LD_LIBRARY_PATH = lib.makeLibraryPath
+ [ glib gtk2 gdk_pixbuf alsaLib nss nspr GConf cups libgcrypt dbus ];
+in
+stdenv.mkDerivation rec {
+ version = "2.8.1";
+ name = "staruml-${version}";
+
+ src =
+ if stdenv.system == "i686-linux" then fetchurl {
+ url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb";
+ sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n";
+ } else fetchurl {
+ url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-64-bit.deb";
+ sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0";
+ };
+
+ buildInputs = [ dpkg ];
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ unpackPhase = ''
+ mkdir pkg
+ dpkg-deb -x $src pkg
+ sourceRoot=pkg
+ '';
+
+ installPhase = ''
+ mkdir $out
+ mv opt/staruml $out/bin
+
+ mkdir -p $out/lib
+ ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/
+ ln -s ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+ for binary in StarUML Brackets-node; do
+ ${patchelf}/bin/patchelf \
+ --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+ $out/bin/$binary
+ wrapProgram $out/bin/$binary \
+ --prefix LD_LIBRARY_PATH : $out/lib:${LD_LIBRARY_PATH}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A sophisticated software modeler";
+ homepage = http://staruml.io/;
+ license = licenses.unfree;
+ platforms = [ "i686-linux" "x86_64-linux" ];
+ };
+}
From 91b02576b163894b9b429349ab7f6dce57229438 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Thu, 24 May 2018 01:28:33 +0200
Subject: [PATCH 04/30] drvs: add vscode FHsS
---
derivations/fhs/vscode.nix | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 derivations/fhs/vscode.nix
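Review bot: Both `fetchurl` calls in `src` download a prebuilt unfree `.deb` over plain `http://`, so the two `sha256` values are the only thing that authenticates the binary that is later patched and wrapped into `$out/bin`. Nothing in the expression says so, and a version bump done by pasting whatever hash the failed build reports would pin unverified content. I would add a comment above `src`, e.g. `# fetched over plain HTTP: the sha256 is the only integrity check, verify it out-of-band when bumping version`, and switch to an `https://` URL if the vendor serves one.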
diff --git a/derivations/fhs/vscode.nix b/derivations/fhs/vscode.nix new file mode 100644 index 0000000..e6d3b4b --- /dev/null +++ b/derivations/fhs/vscode.nix @@ -0,0 +1,38 @@ +{ pkgs ? import {} }: + +(pkgs.buildFHSUserEnv { + name = "everydayFHS"; + targetPkgs = pkgs: (with pkgs; + [ which + gitFull + zsh + file + direnv + + xdg_utils + xsel + + vscode + + # vscode live share + gnome3.gcr + libgnome_keyring3 + liburcu + libunwind + lttng-ust + curl + openssl + libkrb5 + libuuid + icu + zlib + libsecret + ]); + multiPkgs = pkgs: (with pkgs; + [ + ]); + profile = '' + export SHELL=/bin/zsh + ''; + # FIXME runScript = "$SHELL"; +}).env From b3774a49cc6ba76e71f9f77f1856f9ae75f39255 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 24 May 2018 01:28:59 +0200 Subject: [PATCH 05/30] drvs: rename android fhs --- derivations/fhs/{default.nix => android.nix} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename derivations/fhs/{default.nix => android.nix} (100%) diff --git a/derivations/fhs/default.nix b/derivations/fhs/android.nix similarity index 100% rename from derivations/fhs/default.nix rename to derivations/fhs/android.nix From c1f76050cd0ba96c8b81b0f8dddf8eca8e173ae3 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 4 Jun 2018 10:59:22 +0200 Subject: [PATCH 06/30] drvs/pkgs/staruml: update mirror --- derivations/pkgs/staruml.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/derivations/pkgs/staruml.nix b/derivations/pkgs/staruml.nix index 803c12d..7886d1b 100644 --- a/derivations/pkgs/staruml.nix +++ b/derivations/pkgs/staruml.nix 
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec { url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb"; sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n"; } else fetchurl { - url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-64-bit.deb"; + url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-64-bit.deb"; sha256 = "05gzrnlssjkhyh0wv019d4r7p40lxnsa1sghazll6f233yrqmxb0"; }; From 8aa071d91055f48eaa89319f6f2d44766fdd263b Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 12:01:19 +0200 Subject: [PATCH 07/30] steveej-laptop: impurely symlink /lib64/ld-linux-x86-64.so.2 --- nixos-configuration/steveej-laptop/system.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index a67acfd..85c41fb 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -304,4 +304,9 @@ rec { ln -sf ${config.services.xserver.displayManager.session.desktops} /etc/X11/sessions ''; + system.activationScripts.lib64 = '' + echo "setting up /lib64..." + mkdir -p /lib64 + ln -sf ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 + ''; } From 08d0f5453ad1ed2efe7ec6fb79b2d091a891b3e9 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 12:48:24 +0200 Subject: [PATCH 08/30] steveej-laptop: improve and canonicalize activation scripts --- nixos-configuration/steveej-laptop/system.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 85c41fb..e7c073e 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix 
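Review bot: Only the 64-bit branch is moved to the new mirror; the `i686-linux` branch in the context lines still fetches from `http://staruml.io/download/release/...`, which is presumably broken for the same reason and remains plain HTTP. If the bucket holds the 32-bit build under the same layout (not verifiable from this hunk), that URL should change too: `url = "https://s3.amazonaws.com/staruml-bucket/releases-v2/StarUML-v${version}-32-bit.deb";`. Leaving both `sha256` values untouched is the right call, since it shows the mirror serves the same bytes as before.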
@@ -294,19 +294,19 @@ rec { # Activation scripts for impure set up of paths in / system.activationScripts.bin = '' echo "setting up /bin..." - ln -sfn ${pkgs.bash}/bin/bash /tmp/.binbash - mv /tmp/.binbash /bin/bash + ln -sfT ${pkgs.bash}/bin/bash /bin/.bash + mv -Tf /bin/.bash /bin/bash ''; system.activationScripts.etcX11sessinos = '' echo "setting up /etc/X11/sessions..." mkdir -p /etc/X11 - [[ ! -L /etc/X11/sessions ]] || rm /etc/X11/sessions - ln -sf ${config.services.xserver.displayManager.session.desktops} /etc/X11/sessions + ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions + mv -Tf /etc/X11/.sessions /etc/X11/sessions ''; - system.activationScripts.lib64 = '' echo "setting up /lib64..." mkdir -p /lib64 - ln -sf ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 + ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 + mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 ''; } From 43c92a7340b34a834f0aaff17b9b99962583e0d5 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Tue, 4 Sep 2018 13:13:52 +0200 Subject: [PATCH 09/30] *: fs restructure --- {derivations => environments}/dev/cross.nix | 0 {derivations => environments}/dev/go.nix | 0 {derivations => environments}/dev/neovim-go.nix | 0 {derivations => environments}/dev/pandoc.nix | 0 {derivations => environments}/dev/rkt.nix | 0 {derivations => environments}/dev/rust.nix | 0 {derivations => environments}/dev/vim-go.nix | 0 {derivations => environments}/dev/vim-pandoc.nix | 0 {derivations => environments}/dev/vim-rust.nix | 0 {derivations => environments}/fhs/android.nix | 0 {derivations => environments}/fhs/vscode.nix | 0 {derivations/pkgs => pkgs}/browserpass/default.nix | 0 {derivations/pkgs => pkgs}/nomad/default.nix | 0 {derivations/pkgs => pkgs}/nozbe/default.nix | 0 {derivations/pkgs => pkgs}/staruml.nix | 0 15 files changed, 0 insertions(+), 0 deletions(-) rename {derivations => environments}/dev/cross.nix (100%) rename {derivations => environments}/dev/go.nix (100%) rename {derivations => environments}/dev/neovim-go.nix (100%) rename {derivations => environments}/dev/pandoc.nix (100%) rename {derivations => environments}/dev/rkt.nix (100%) rename {derivations => environments}/dev/rust.nix (100%) rename {derivations => environments}/dev/vim-go.nix (100%) rename {derivations => environments}/dev/vim-pandoc.nix (100%) rename {derivations => environments}/dev/vim-rust.nix (100%) rename {derivations => environments}/fhs/android.nix (100%) rename {derivations => environments}/fhs/vscode.nix (100%) rename {derivations/pkgs => pkgs}/browserpass/default.nix (100%) rename {derivations/pkgs => pkgs}/nomad/default.nix (100%) rename {derivations/pkgs => pkgs}/nozbe/default.nix (100%) rename {derivations/pkgs => pkgs}/staruml.nix (100%) diff --git a/derivations/dev/cross.nix b/environments/dev/cross.nix similarity index 100% rename from derivations/dev/cross.nix rename to environments/dev/cross.nix 
diff --git a/derivations/dev/go.nix b/environments/dev/go.nix similarity index 100% rename from derivations/dev/go.nix rename to environments/dev/go.nix diff --git a/derivations/dev/neovim-go.nix b/environments/dev/neovim-go.nix similarity index 100% rename from derivations/dev/neovim-go.nix rename to environments/dev/neovim-go.nix diff --git a/derivations/dev/pandoc.nix b/environments/dev/pandoc.nix similarity index 100% rename from derivations/dev/pandoc.nix rename to environments/dev/pandoc.nix diff --git a/derivations/dev/rkt.nix b/environments/dev/rkt.nix similarity index 100% rename from derivations/dev/rkt.nix rename to environments/dev/rkt.nix diff --git a/derivations/dev/rust.nix b/environments/dev/rust.nix similarity index 100% rename from derivations/dev/rust.nix rename to environments/dev/rust.nix diff --git a/derivations/dev/vim-go.nix b/environments/dev/vim-go.nix similarity index 100% rename from derivations/dev/vim-go.nix rename to environments/dev/vim-go.nix diff --git a/derivations/dev/vim-pandoc.nix b/environments/dev/vim-pandoc.nix similarity index 100% rename from derivations/dev/vim-pandoc.nix rename to environments/dev/vim-pandoc.nix diff --git a/derivations/dev/vim-rust.nix b/environments/dev/vim-rust.nix similarity index 100% rename from derivations/dev/vim-rust.nix rename to environments/dev/vim-rust.nix diff --git a/derivations/fhs/android.nix b/environments/fhs/android.nix similarity index 100% rename from derivations/fhs/android.nix rename to environments/fhs/android.nix diff --git a/derivations/fhs/vscode.nix b/environments/fhs/vscode.nix similarity index 100% rename from derivations/fhs/vscode.nix rename to environments/fhs/vscode.nix diff --git a/derivations/pkgs/browserpass/default.nix b/pkgs/browserpass/default.nix similarity index 100% rename from derivations/pkgs/browserpass/default.nix rename to pkgs/browserpass/default.nix 
diff --git a/derivations/pkgs/nomad/default.nix b/pkgs/nomad/default.nix similarity index 100% rename from derivations/pkgs/nomad/default.nix rename to pkgs/nomad/default.nix diff --git a/derivations/pkgs/nozbe/default.nix b/pkgs/nozbe/default.nix similarity index 100% rename from derivations/pkgs/nozbe/default.nix rename to pkgs/nozbe/default.nix diff --git a/derivations/pkgs/staruml.nix b/pkgs/staruml.nix similarity index 100% rename from derivations/pkgs/staruml.nix rename to pkgs/staruml.nix From 613db440cd5bc8ff011673d5521da018cca2169e Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 13:16:39 +0200 Subject: [PATCH 10/30] cleanup --- nixos-configuration/steveej-laptop/system.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index e7c073e..61abdc0 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -57,7 +57,6 @@ rec { # ''; # }; - networking.networkmanager = { enable = true; unmanaged = [ From f601e6570877b3e6250edda4600278973478ff18 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 13:17:18 +0200 Subject: [PATCH 11/30] steveej-laptop: allow all CPU idle states --- nixos-configuration/steveej-laptop/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-configuration/steveej-laptop/boot.nix b/nixos-configuration/steveej-laptop/boot.nix index 441a468..fe71bea 100644 --- a/nixos-configuration/steveej-laptop/boot.nix +++ b/nixos-configuration/steveej-laptop/boot.nix @@ -10,7 +10,7 @@ # workaround to disable CPU wining # current CPU has 9 idle cstates. - boot.kernelParams = [ "intel_idle.max_cstate=0" ]; + boot.kernelParams = [ "intel_idle.max_cstate=9" ]; # Workaround for nm-pptp to enforce module load boot.kernelModules = [ From 08e8d76deaa6a8d396598ff686129d5150a7e724 Mon Sep 17 00:00:00 2001 
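Review bot: The comment above the changed line in `boot.nix` still reads `# workaround to disable CPU wining`, but with `intel_idle.max_cstate=9` and the next comment stating the CPU has 9 idle cstates, the parameter no longer restricts anything, so the comment now says the opposite of what the line does. Either drop the parameter or reword the comment, for example `# allow all 9 idle C-states (was capped at 0 as a workaround)`. The same two comment lines are later copied into `nixos-configuration/live-usb/boot.nix` (PATCH 26/30) with no kernel parameter after them at all, and should be removed there.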
From: Stefan Junker Date: Tue, 4 Sep 2018 13:17:49 +0200 Subject: [PATCH 12/30] steveej-laptop: don't install vim on system --- nixos-configuration/steveej-laptop/pkg.nix | 1 - nixos-configuration/steveej-laptop/system.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/nixos-configuration/steveej-laptop/pkg.nix b/nixos-configuration/steveej-laptop/pkg.nix index 77fe7e0..0905bbc 100644 --- a/nixos-configuration/steveej-laptop/pkg.nix +++ b/nixos-configuration/steveej-laptop/pkg.nix @@ -69,7 +69,6 @@ in imports = [ ../common/pkg/default.nix - ../common/pkg/vim.nix ]; environment.systemPackages = with pkgs; [ diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 61abdc0..c75abcc 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -130,7 +130,6 @@ rec { }; environment.sessionVariables = { - EDITOR = "vim"; NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. From f188614b65f81de415ef0b84f56c69a3cf4c184a Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 13:18:18 +0200 Subject: [PATCH 13/30] steveej-laptop: install home printer drivers --- nixos-configuration/steveej-laptop/system.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index c75abcc..81da69d 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -187,6 +187,8 @@ rec { drivers = [ pkgs.hplip unstablepkgs.cups-kyodialog3 + unstablepkgs.mfcj6510dwlpr + unstablepkgs.mfcj6510dw-cupswrapper ]; }; From 8edd25c3f392b404883ffec9ce3611a1edc00749 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 13:19:01 +0200 Subject: [PATCH 14/30] steveej-laptop: don't overspecify libvirt-qemu pkg --- nixos-configuration/steveej-laptop/system.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 81da69d..82b7b85 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -285,7 +285,6 @@ rec { # virtualization virtualisation = { libvirtd.enable = true; - libvirtd.qemuPackage = pkgs.qemu; virtualbox.host.enable = true; virtualbox.host.addNetworkInterface = true; docker.enable = true; From ee9b95554511bf3d33442aafa03dbd679b6ed496 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 4 Sep 2018 13:19:30 +0200 Subject: [PATCH 15/30] steveej-laptop: add another user for testing --- nixos-configuration/steveej-laptop/user.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos-configuration/steveej-laptop/user.nix b/nixos-configuration/steveej-laptop/user.nix index 9cab86b..6d53acd 100644 --- a/nixos-configuration/steveej-laptop/user.nix +++ b/nixos-configuration/steveej-laptop/user.nix @@ -41,6 +41,11 @@ in hashedPassword = passwords.users.steveej2; }; + users.extraUsers.steveej3 = mkUser { + uid = 1002; + hashedPassword = passwords.users.steveej; + }; + security.pam.enableU2F = true; security.pam.services.steveej.u2fAuth = true; } From 56f42e96f73f4a5af646e6e07a681211a52aa66f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:21:16 +0200 Subject: [PATCH 16/30] nixos-config: add vm-install-iso --- nixos-configuration/vm-install-iso/Justfile | 2 + nixos-configuration/vm-install-iso/iso.nix | 92 +++++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 nixos-configuration/vm-install-iso/Justfile create mode 100644 nixos-configuration/vm-install-iso/iso.nix diff --git a/nixos-configuration/vm-install-iso/Justfile b/nixos-configuration/vm-install-iso/Justfile new file mode 100644 index 0000000..bcd3c66 --- /dev/null +++ b/nixos-configuration/vm-install-iso/Justfile 
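Review bot: In `user.nix` the new `steveej3` test account is created with `hashedPassword = passwords.users.steveej`, i.e. the primary user's hash, whereas `steveej2` just above has its own entry. That gives the main password a second login path on an account that is described as being for testing and is likely to be treated with less care. A dedicated entry would keep the credentials independent, e.g. `hashedPassword = passwords.users.steveej3;` (the entry would have to be added to the passwords file, which is not part of this hunk), and a comment should say when the account can be removed.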
@@ -0,0 +1,2 @@ +build: + nix-build '' -A config.system.build.isoImage -I nixos-config=iso.nix diff --git a/nixos-configuration/vm-install-iso/iso.nix b/nixos-configuration/vm-install-iso/iso.nix new file mode 100644 index 0000000..a93f3d9 --- /dev/null +++ b/nixos-configuration/vm-install-iso/iso.nix 
@@ -0,0 +1,92 @@ +# This module defines a small NixOS installation CD. It does not +# contain any graphical stuff. +{config, pkgs, lib, ...}: + +let nixos-init-script = '' + #!${pkgs.stdenv.shell} + + export HOME=/root + export PATH=${pkgs.lib.makeBinPath [ + config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild + config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm + ]}:$PATH + export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels + + set -xe + + fdisk -w always -W always /dev/vda < + + # Provide an initial copy of the NixOS channel so that the user + # doesn't need to run "nix-channel --update" first. + # + ]; + + isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + boot.loader.timeout = lib.mkForce 0; + boot.postBootCommands = '' + ''; + + environment.systemPackages = []; + + users.users.root = { + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ]; + }; + + services.gpm.enable = true; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + + systemd.services.nixos-init = { + script = nixos-init-script; + path = with pkgs; [ ]; + + description = "Initialize /dev/vda from configuration.nix found at /dev/vdb"; + enable = true; + + wantedBy = [ "multi-user.target" ]; + after = [ "multi-user.target" ]; + requires = [ "network-online.target" ]; + + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + + serviceConfig = { + Type = 
"oneshot"; + RemainAfterExit = true; + }; + }; +} From 66a963a210f298f32168d620931daf8d0db81bee Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:27:25 +0200 Subject: [PATCH 17/30] steveej-laptop: add swap device --- nixos-configuration/steveej-laptop/hw.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos-configuration/steveej-laptop/hw.nix b/nixos-configuration/steveej-laptop/hw.nix index ee038cd..a3373dc 100644 --- a/nixos-configuration/steveej-laptop/hw.nix +++ b/nixos-configuration/steveej-laptop/hw.nix @@ -42,7 +42,9 @@ fsType = "tmpfs"; }; - swapDevices = [ ]; + swapDevices = [ + { label = "vg0swap"; } + ]; boot.loader.grub = { device = "/dev/sda"; From 25c215ebcc782bb0ef9e14bcc882d28a92efc373 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:28:38 +0200 Subject: [PATCH 18/30] steveej-laptop: libvirt and nix from nixos-unstable --- nixos-configuration/steveej-laptop/pkg.nix | 3 +++ nixos-configuration/steveej-laptop/system.nix | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos-configuration/steveej-laptop/pkg.nix b/nixos-configuration/steveej-laptop/pkg.nix index 0905bbc..334036d 100644 --- a/nixos-configuration/steveej-laptop/pkg.nix +++ b/nixos-configuration/steveej-laptop/pkg.nix @@ -4,6 +4,7 @@ let gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; + unstablepkgs = import {}; in { @@ -23,6 +24,8 @@ in # }; # }); + libvirt = unstablepkgs.libvirt; + myLinuxPackages = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor (pkgs.linux_latest.override { kernelPatches = pkgs.linux_latest.kernelPatches ++ [ diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 82b7b85..869a015 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix 
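Review bot: `systemd.services.nixos-init` in `iso.nix` is `wantedBy = [ "multi-user.target" ]` with no condition, and the script it runs begins by rewriting the partition table with `fdisk -w always -W always /dev/vda`, so every boot of this image wipes whatever disk appears as `/dev/vda`. A guard on the unit would keep the image from destroying data when it is booted anywhere other than the intended throwaway VM, for example `unitConfig.ConditionPathExists = "/dev/vdb";` (the description says the configuration comes from `/dev/vdb`) or an explicit opt-in via `ConditionKernelCommandLine`. Separately, `requires = [ "network-online.target" ]` has no matching `after` entry, so the script is not ordered after the network is up. The rest of the script is not visible in the hunk as rendered here, so this only covers the lines shown.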
@@ -23,7 +23,7 @@ rec { nix.daemonNiceLevel = 19; nix.daemonIONiceLevel = 7; - nix.package = pkgs.nixUnstable; + nix.package = unstablepkgs.nixStable; nix.useSandbox = true; From cfcc0cde6cfa10c686da9ae5b010874c618df6c0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:29:26 +0200 Subject: [PATCH 19/30] steveej-laptop/network-manager: use dnsMasq and add local networks --- nixos-configuration/steveej-laptop/system.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 869a015..0d79a6b 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -59,6 +59,7 @@ rec { networking.networkmanager = { enable = true; + useDnsmasq = true; unmanaged = [ "interface-name:veth*" "interface-name:virbr*" @@ -67,6 +68,12 @@ rec { "interface-name:*cni*" ]; }; + # Used for testing local Tectonic clusters + environment.etc."NetworkManager/dnsmasq.d/tectonic.conf".text = '' + server=/tt.testing/192.168.124.1 + server=/tectonic-ci.de/192.168.124.1 + server=/tectonic-ci.lan/192.168.124.1 + ''; networking.bridges."virbr1".interfaces = []; networking.interfaces."virbr1".ipv4.addresses = [ From 57b1f59fae378e4bddc08a9d637714d1851599e7 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:40:58 +0200 Subject: [PATCH 20/30] containers/base: s/vim/neovim --- container-images/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-images/default.nix b/container-images/default.nix index c85ba1a..e6d6f0b 100644 --- a/container-images/default.nix +++ b/container-images/default.nix @@ -33,7 +33,7 @@ in rec { procps zsh coreutils - vim + neovim ]; config = { From 1a4f4800f7ee47bdc98a282863ce5ef34e8c1e35 Mon Sep 17 00:00:00 2001 
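Review bot: The three `server=/…/192.168.124.1` lines added to `NetworkManager/dnsmasq.d/tectonic.conf` are installed unconditionally, so the laptop forwards every lookup under `tt.testing`, `tectonic-ci.de` and `tectonic-ci.lan` to 192.168.124.1 on whatever network it is attached to, not only while the local test cluster is running. `tectonic-ci.de` sits under a public TLD, and on a foreign network that private address may belong to an unrelated host which would then answer for those names. The existing comment should at least name the libvirt network that owns 192.168.124.1, and ideally the file is only enabled together with that network; where the address is defined cannot be seen from this hunk.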
From: Stefan Junker Date: Sun, 16 Sep 2018 18:52:24 +0200 Subject: [PATCH 21/30] envs/dev: restructure go --- environments/dev/{go.nix => go/default.nix} | 13 ++----------- environments/dev/{ => go}/neovim-go.nix | 0 2 files changed, 2 insertions(+), 11 deletions(-) rename environments/dev/{go.nix => go/default.nix} (81%) rename environments/dev/{ => go}/neovim-go.nix (100%) diff --git a/environments/dev/go.nix b/environments/dev/go/default.nix similarity index 81% rename from environments/dev/go.nix rename to environments/dev/go/default.nix index 19833ff..e67468d 100644 --- a/environments/dev/go.nix +++ b/environments/dev/go/default.nix @@ -68,7 +68,7 @@ let gox.bin #ginkgo ginkgo.bin #gomega - ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) +# ( import ./vim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) # ( import ./neovim-go.nix { pkgs=gitpkgs; commonRC=commonVimRC; } ) ]; @@ -77,22 +77,13 @@ in pkgs.stdenv.mkDerivation { buildInputs = extraBuildInputs ++ buildInputs; shellHook = '' goname=${go.version}_$name - setPS1 $goname + # FIXME: setPS1 $goname export GOROOT=${go}/share/go export GOPATH="$HOME/.gopath_$goname" export PATH="$HOME/.gopath_$goname/bin:$PATH" unset name unset SSL_CERT_FILE - go get -u github.com/Masterminds/glide - go get -u github.com/sgotti/glide-vc - go get -u github.com/alecthomas/gometalinter - go get -u github.com/golang/lint/golint - go get -u github.com/rogpeppe/godef - go get -u github.com/kisielk/errcheck - go get -u github.com/jstemmer/gotags - go get -u github.com/klauspost/asmfmt/cmd/asmfmt - go get -u github.com/nsf/gocode ${extraShellHook} ''; } diff --git a/environments/dev/neovim-go.nix b/environments/dev/go/neovim-go.nix similarity index 100% rename from environments/dev/neovim-go.nix rename to environments/dev/go/neovim-go.nix From e975628bdb78e5f07744f89f82a3536bd73488e2 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 16 Sep 2018 18:52:24 +0200 Subject: [PATCH 22/30] envs/dev: restructure rust --- environments/{ => dev}/rust/.envrc | 0 environments/dev/{rust.nix => rust/default.nix} | 0 environments/rust/default.nix | 8 -------- 3 files changed, 8 deletions(-) rename environments/{ => dev}/rust/.envrc (100%) rename environments/dev/{rust.nix => rust/default.nix} (100%) delete mode 100644 environments/rust/default.nix diff --git a/environments/rust/.envrc b/environments/dev/rust/.envrc similarity index 100% rename from environments/rust/.envrc rename to environments/dev/rust/.envrc diff --git a/environments/dev/rust.nix b/environments/dev/rust/default.nix similarity index 100% rename from environments/dev/rust.nix rename to environments/dev/rust/default.nix diff --git a/environments/rust/default.nix b/environments/rust/default.nix deleted file mode 100644 index 9a124c3..0000000 --- a/environments/rust/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -with import {}; -stdenv.mkDerivation { - name = "env"; - buildInputs = [ - zsh - rustup - ]; -} From 7ea8c6ba8d31593fd962eef144397ae32516ecdf Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 18:55:28 +0200 Subject: [PATCH 23/30] vim-derivatives: improve completion --- pkg-configuration/vim-derivates/commonrc.nix | 9 ++++++++- pkg-configuration/vim-derivates/neovim.nix | 11 ++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/pkg-configuration/vim-derivates/commonrc.nix b/pkg-configuration/vim-derivates/commonrc.nix index 05458a2..cfb9524 100644 --- a/pkg-configuration/vim-derivates/commonrc.nix +++ b/pkg-configuration/vim-derivates/commonrc.nix @@ -4,7 +4,8 @@ set nocompatible set mouse= " leader -let mapleader = '\' +let mapleader = ',' +let maplocalleader = ',' " save on ctrl-s nnoremap :w 
@@ -113,5 +114,11 @@ augroup ft_yaml augroup END " }}} +" markdown { +augroup filetypedetect + " gitit page files + au BufRead,BufNewFile *.page set filetype=markdown +augroup END +" } markdown '' diff --git a/pkg-configuration/vim-derivates/neovim.nix b/pkg-configuration/vim-derivates/neovim.nix index 49f199f..9bd7807 100644 --- a/pkg-configuration/vim-derivates/neovim.nix +++ b/pkg-configuration/vim-derivates/neovim.nix @@ -8,9 +8,11 @@ pkgs.neovim.override { configure = { # add custom .vimrc lines like this: customRC = (import ./commonrc.nix {}) + '' + let g:indent_guides_enable_on_vim_startup = 1 + " deoplete { - " let g:deoplete#enable_at_startup = 1 - " let g:deoplete#enable_smart_case = 1 + let g:deoplete#enable_at_startup = 1 + let g:deoplete#enable_smart_case = 1 " } '' + additionalRC; @@ -25,7 +27,10 @@ pkgs.neovim.override { "vim-colorschemes" "vim-colorstepper" "vim-signify" - # "deoplete-nvim" + "deoplete-nvim" + "fugitive" + "ctrlp" + "vim-indent-guides" ] ++ additionalPlugins; }; extraPythonPackages = []; From 71ad8572107d93bf972f31aa5e9ea95a35bc422f Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 16 Sep 2018 19:17:58 +0200 Subject: [PATCH 24/30] git: don't ignore results since they prevent GC --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index b687b22..8288ed7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ *.swp -result *.qcow2 From 617a84a384aa0584000b021d24433789a329cb00 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Sun, 23 Sep 2018 14:09:35 +0200 Subject: [PATCH 25/30] tests: add buildwmwithbootloader stub --- tests/buildvmwithbootloader/build-vm.nix | 32 ++++++++++++++++ tests/buildvmwithbootloader/build-vm.sh | 16 ++++++++ tests/buildvmwithbootloader/configuration.nix | 38 +++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 tests/buildvmwithbootloader/build-vm.nix create mode 100755 tests/buildvmwithbootloader/build-vm.sh create mode 100644 tests/buildvmwithbootloader/configuration.nix diff --git a/tests/buildvmwithbootloader/build-vm.nix b/tests/buildvmwithbootloader/build-vm.nix new file mode 100644 index 0000000..8347b45 --- /dev/null +++ b/tests/buildvmwithbootloader/build-vm.nix @@ -0,0 +1,32 @@ +{ system ? builtins.currentSystem +, vmPkgsPath +, buildPkgsPath +, nixosConfigPath +}: + +let + buildPkgs = import buildPkgsPath {}; + vmPkgs'= import vmPkgsPath {}; + vmPkgs = vmPkgs' // { + runtimeShell = "${vmPkgs'.bash}/${vmPkgs'.bash.shellPath}"; + }; + + importWithPkgs = { path, pkgs }: args: import path (args // { inherit pkgs; }); + + nixosConfig = importWithPkgs { path = "${nixosConfigPath}"; pkgs = vmPkgs; }; + vmConfig = importWithPkgs { path = "${buildPkgsPath}/nixos/modules/virtualisation/qemu-vm.nix"; pkgs = vmPkgs; }; + evalConfig = importWithPkgs { path = "${vmPkgsPath}/nixos/lib/eval-config.nix"; pkgs = null; }; + + vmWithBootLoaderConfigMixed = (evalConfig { + modules = [ + nixosConfig + vmConfig + { + virtualisation.useBootLoader = true; + } + + ]; + }).config; +in { + vmWithBootLoaderMixed = vmWithBootLoaderConfigMixed.system.build.vm; +} diff --git a/tests/buildvmwithbootloader/build-vm.sh b/tests/buildvmwithbootloader/build-vm.sh new file mode 100755 index 0000000..520e0c8 --- /dev/null +++ b/tests/buildvmwithbootloader/build-vm.sh 
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -x
+rm *.qcow2
+rm result*
+set -e
+
+BUILD_NIXPKGS="${BUILD_NIXPKGS:-${HOME}/src/github/NixOS/nixpkgs.dev}"
+NIXOS_CONFIG="${NIXOS_CONFIG_OVERRIDE:-${PWD}/configuration.nix}"
+
+nix-build -K --show-trace build-vm.nix \
+ --arg vmPkgsPath '' \
+ --argstr buildPkgsPath "${BUILD_NIXPKGS}" \
+ --argstr nixosConfigPath "${NIXOS_CONFIG}" \
+ -A vmWithBootLoaderMixed
+
+./result/bin/run-*-vm
diff --git a/tests/buildvmwithbootloader/configuration.nix b/tests/buildvmwithbootloader/configuration.nix
new file mode 100644
index 0000000..874bea1
--- /dev/null
+++ b/tests/buildvmwithbootloader/configuration.nix
@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+let
+
+in
+
+{
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/vda";
+ efiSupport = true;
+ enableCryptodisk = true;
+ };
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ boot.initrd.luks.devices = [ {
+ name = "crypt";
+ device = "/dev/disk/uuid/463d886d-7dfe-421b-8cef-f9af3a3fa09d";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+ fileSystems."/" = {
+ label = "root";
+ };
+
+ fileSystems."/boot" = {
+ label = "boot";
+ };
+
+ boot.tmpOnTmpfs = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+
+ users.extraUsers.root.initialPassword = lib.mkForce "toorroot";
+ users.mutableUsers = false;
+}
From 69cca39dc54821c05e1326f5d486402a1cde0be1 Mon Sep 17 00:00:00 2001
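Review bot: The cleanup lines `rm *.qcow2` and `rm result*` act on whatever directory the script is started from, because nothing changes into the script's own directory first; run from elsewhere they delete unrelated disk images and anything whose name begins with `result`. Anchor the script and make the cleanup explicit, e.g. `cd "$(dirname "$0")"` followed by `rm -f -- ./*.qcow2 ./result*`. The relative `build-vm.nix` and `./result/bin/run-*-vm` references and the `${PWD}/configuration.nix` default depend on the working directory in the same way. With `rm -f` in place, `set -e` can move to the top so that a cleanup failure other than a missing file stops the run.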
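Review bot: `users.extraUsers.root.initialPassword = lib.mkForce "toorroot";` commits a plaintext root password, and a value set through `initialPassword` is also readable in the Nix store of any machine that evaluates this file. That is tolerable only while this remains a throwaway test VM, so a comment such as `# test VM only: never import from a real host configuration` should sit next to it. Separately, the LUKS `device` is written under `/dev/disk/uuid/`; udev publishes these symlinks under `/dev/disk/by-uuid/`, so the path as written probably never resolves.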
From: Stefan Junker
Date: Sun, 28 Oct 2018 11:21:37 +0100
Subject: [PATCH 26/30] nixos-config: add live-usb
---
nixos-configuration/live-usb/boot.nix | 21 ++
.../live-usb/configuration.nix | 15 ++
nixos-configuration/live-usb/hw.nix | 59 +++++
nixos-configuration/live-usb/pkg.nix | 29 +++
nixos-configuration/live-usb/system.nix | 242 ++++++++++++++++++
nixos-configuration/live-usb/user.nix | 51 ++++
6 files changed, 417 insertions(+)
create mode 100644 nixos-configuration/live-usb/boot.nix
create mode 100644 nixos-configuration/live-usb/configuration.nix
create mode 100644 nixos-configuration/live-usb/hw.nix
create mode 100644 nixos-configuration/live-usb/pkg.nix
create mode 100644 nixos-configuration/live-usb/system.nix
create mode 100644 nixos-configuration/live-usb/user.nix
diff --git a/nixos-configuration/live-usb/boot.nix b/nixos-configuration/live-usb/boot.nix
new file mode 100644
index 0000000..95780ab
--- /dev/null
+++ b/nixos-configuration/live-usb/boot.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Bootloader, initrd and Kernel
+ boot.loader.grub.enable = true;
+ boot.loader.grub.enableCryptodisk = true;
+ boot.loader.grub.version = 2;
+
+ # workaround to disable CPU wining
+ # current CPU has 9 idle cstates.
+
+ # Workaround for nm-pptp to enforce module load
+ boot.kernelModules = [
+ "nf_conntrack_proto_gre"
+ "nf_conntrack_pptp"
+ ];
+
+ boot.tmpOnTmpfs = true;
+}
diff --git a/nixos-configuration/live-usb/configuration.nix b/nixos-configuration/live-usb/configuration.nix
new file mode 100644
index 0000000..b49f937
--- /dev/null
+++ b/nixos-configuration/live-usb/configuration.nix
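Review bot: The comment pair `# workaround to disable CPU wining` / `# current CPU has 9 idle cstates.` is followed by no option, so the file documents a workaround that it does not apply. Either add the setting the comment refers to or delete the two lines. It is also worth a comment that GRUB is enabled here while `hw.nix` in the same commit sets `boot.loader.systemd-boot.enable = true;`. The configuration should say which boot loader is meant to be installed, since NixOS may refuse to evaluate with both enabled.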
@@ -0,0 +1,15 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./pkg.nix
+ ./hw.nix
+ ./system.nix
+ ./user.nix
+ ./boot.nix
+ ];
+}
diff --git a/nixos-configuration/live-usb/hw.nix b/nixos-configuration/live-usb/hw.nix
new file mode 100644
index 0000000..3eebc18
--- /dev/null
+++ b/nixos-configuration/live-usb/hw.nix
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ nix.maxJobs = lib.mkDefault 3;
+ nix.buildCores = 3;
+
+ hardware.enableAllFirmware = true;
+ hardware.trackpoint.emulateWheel = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModprobeConfig = ''
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ '';
+ boot.extraModulePackages = [ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part2";
+ fsType = "vfat";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/mapper/live--usb-live--usb--root";
+ fsType = "btrfs";
+ options = [ "subvol=nixos" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/mapper/live--usb-live--usb--root";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ };
+
+ swapDevices = [
+ { device = "/dev/mapper/live--usb-live--usb--root"; }
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0";
+ efiSupport = true;
+ };
+
+ boot.initrd.luks.devices = [ {
+ name = "crypt-live-usb";
+ device = "/dev/disk/by-id/usb-SCSI_DISK_9E216FC57FBD4AE1-0:0-part3";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+}
diff --git a/nixos-configuration/live-usb/pkg.nix b/nixos-configuration/live-usb/pkg.nix
new file mode 100644
index 0000000..50145ca
--- /dev/null
+++ b/nixos-configuration/live-usb/pkg.nix
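Review bot: `swapDevices` points at `/dev/mapper/live--usb-live--usb--root`, the same device that `fileSystems."/"` and `fileSystems."/home"` mount as btrfs. A device holding a btrfs filesystem cannot also serve as a swap area, so swap activation would be expected to fail at boot; this looks like a copy of the root volume name. Point it at a dedicated volume, e.g. `{ device = "/dev/mapper/<swap-lv-placeholder>"; }`, or drop `swapDevices`. Keeping that volume inside the LUKS container, as the root volume is, avoids writing memory contents to the stick unencrypted.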
@@ -0,0 +1,29 @@
+{ config,
+ pkgs,
+ ... }:
+
+let
+
+in
+{
+ nixpkgs.config = {
+ allowBroken = false;
+ allowUnfree = true;
+
+ packageOverrides = pkgs: rec {
+
+ };
+ };
+
+ imports =
+ [
+ ../common/pkg/default.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ firefox
+ gitFull
+ gpg2
+ nvim
+ ];
+}
diff --git a/nixos-configuration/live-usb/system.nix b/nixos-configuration/live-usb/system.nix
new file mode 100644
index 0000000..691e3d1
--- /dev/null
+++ b/nixos-configuration/live-usb/system.nix
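Review bot: `gpg2` and `nvim` in `environment.systemPackages` are not attribute names this patch defines, and under `with pkgs;` an undefined name aborts evaluation. Unless `../common/pkg/default.nix` supplies them through an override, they probably need to be `gnupg` and `neovim`. The empty `let`/`in` pair and the empty `packageOverrides = pkgs: rec { };` add nothing and can be removed.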
@@ -0,0 +1,242 @@ +{ config, lib, pkgs, ... }: + + +let + +in + +rec { + nix.binaryCachePublicKeys = [ + # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + nix.binaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + nix.trustedBinaryCaches = [ + "https://cache.nixos.org" + # "https://hydra.nixos.org" + ]; + + nix.daemonNiceLevel = 19; + nix.daemonIONiceLevel = 7; + + nix.useSandbox = true; + + # The NixOS release to be compatible with for stateful data such as databases. + # system.stateVersion = "unstable"; + networking.hostName = "steveej-liveusb"; # Define your hostname. + + networking.firewall.enable = true; + networking.firewall.checkReversePath = false; + + # Provide a NAT/DHCP Router + # + # networking.nat.enable = true; + # networking.nat.internalInterfaces = [ "enp0s20f0u4u1u3" ]; + # networking.nat.externalInterface = "wlp1s0"; + # networking.interfaces."enp0s20f0u4u1u3".ipv4.addresses = [ + # { address = "10.254.253.254"; prefixLength = 24; } + # ]; + # services.dnsmasq = { + # enable = true; + # servers = [ "8.8.8.8" "8.8.4.4" ]; + # extraConfig = '' + # domain=lan + # interface=enp0s20f0u4u1u3 + # bind-interfaces + # dhcp-range=10.254.253.100,10.254.253.199,1h + # ''; + # }; + + networking.networkmanager = { + enable = true; + dns = "dnsmasq"; + unmanaged = [ + "interface-name:veth*" + "interface-name:virbr*" + "interface-name:br*" + "interface-name:*vbox*" + "interface-name:*cni*" + ]; + }; + + programs.zsh = { + enable = false; + }; + + environment.sessionVariables = { + NIXPKGS_ALLOW_UNFREE = "1"; + + # Don't create .pyc files. + PYTHONDONTWRITEBYTECODE = "1"; + }; + + environment.etc."lvm/lvm.conf".text = '' + devices { + issue_discards = 1 + } + ''; + + environment.pathsToLink = [ "/share/zsh" ]; + + # Fonts, I18N, Date ... 
+ fonts = { + enableCoreFonts = true; + }; + + i18n = { + consoleFont = "lat9w-16"; + defaultLocale = "en_US.UTF-8"; + }; + time.timeZone = "Europe/Berlin"; + #time.timeZone = "America/Los_Angeles"; + + # Services + services.gpm.enable = true; + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + + services.gnome3 = { + gnome-disks.enable = false; + gnome-documents.enable = false; + gnome-online-miners.enable = false; + gnome-user-share.enable = false; + gnome-terminal-server.enable = false; + gpaste.enable = false; + sushi.enable = false; + tracker.enable = false; + + # FIXME: gnome should be moved to user session + seahorse.enable = true; + gvfs.enable = true; + at-spi2-core.enable = true; + evolution-data-server.enable = true; + gnome-online-accounts.enable = true; + gnome-keyring.enable = true; + }; + + services.teamviewer.enable = false; + + services.printing = { + enable = false; + }; + + services.pcscd.enable = true; + services.xserver = { + enable = true; + libinput.enable = true; + libinput.naturalScrolling = true; + + videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ]; + xkbVariant = "altgr-intl"; + xkbOptions = "nodeadkeys"; + + desktopManager = { + # FIXME: gnome should be moved to user session + gnome3.enable = true; + + xterm.enable = true; + plasma5.enable = false; + }; + + displayManager = { + gdm.enable = false; + + lightdm = { + enable = true; + autoLogin = { + enable = true; + user = "steveej"; + }; + background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png"; + }; + + sessionCommands = '' + ''; + }; + }; + + # Package configuration + environment.systemPackages = with pkgs; [ + ]; + + # More Services + services.udev.packages = [ + pkgs.libu2f-host + pkgs.yubikey-personalization + ]; + services.udev.extraRules = '' + # OnePlusOne + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", 
ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" + + # Plantronics BackBeat PRO + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777" + SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777" + '' + ; + + services.packagekit.enable = true; + + services.resolved.enable = false; + services.nix-serve.enable = false; + + services.samba.enable = true; + services.samba.extraConfig = '' + client max protocol = SMB3 + ''; + + # hardware related services + services.illum.enable = true; + + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + support32Bit = true; + }; + }; + + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + }; + + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ + blueman + ]; + + # Kubernetes + # services.kubernetes.roles = ["master" "node"]; + + # virtualization + virtualisation = { + libvirtd.enable = false; + virtualbox.enable = false; + docker.enable = true; + }; + + # Activation scripts for impure set up of paths in / + system.activationScripts.bin = '' + echo "setting up /bin..." + ln -sfT ${pkgs.bash}/bin/bash /bin/.bash + mv -Tf /bin/.bash /bin/bash + ''; + system.activationScripts.etcX11sessinos = '' + echo "setting up /etc/X11/sessions..." + mkdir -p /etc/X11 + ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions + mv -Tf /etc/X11/.sessions /etc/X11/sessions + ''; + system.activationScripts.lib64 = '' + echo "setting up /lib64..." 
+ mkdir -p /lib64 + ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 + mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 + ''; +} diff --git a/nixos-configuration/live-usb/user.nix b/nixos-configuration/live-usb/user.nix new file mode 100644 index 0000000..6d53acd --- /dev/null +++ b/nixos-configuration/live-usb/user.nix @@ -0,0 +1,51 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../common/passwords.crypt.nix; + mkUser = {uid, hashedPassword, ... } @ args: args // { + inherit uid hashedPassword; + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + ]; + }; + +in +{ + users.mutableUsers = false; + users.defaultUserShell = pkgs.zsh; + + users.extraUsers.root = { + hashedPassword = passwords.users.root; + openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"]; + }; + + users.extraUsers.steveej = mkUser { + uid = 1000; + hashedPassword = passwords.users.steveej; + }; + + users.extraUsers.steveej2 = mkUser { + uid = 1001; + hashedPassword = passwords.users.steveej2; + }; + + users.extraUsers.steveej3 = mkUser { + uid = 1002; + hashedPassword = passwords.users.steveej; + }; + + security.pam.enableU2F = true; + security.pam.services.steveej.u2fAuth = true; +} From a9e3e47de1779cdc8c51baf8d9e5976ec041d4a0 Mon Sep 17 00:00:00 2001 
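Review bot: `services.openssh.permitRootLogin = "yes";` permits password logins for root over SSH on a system meant to be carried between networks. `user.nix` in the same commit already installs a public key for root, so `services.openssh.permitRootLogin = "prohibit-password";` keeps that access while removing password guessing as an option. In the same hunk the three Plantronics udev rules set `MODE="0777"`, which makes the device nodes world-writable; `MODE="0660"` with the existing `GROUP="users"` should be sufficient. `autoLogin` for `steveej` and `sudo.fprintAuth = true` would benefit from a comment stating the intended threat model for a removable device.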
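Review bot: `security.pam.services.steveej.u2fAuth = true;` names a PAM service called `steveej`, not the user: the attribute under `security.pam.services` is a service name, as the `login` and `sudo` entries in `system.nix` show, so this line most likely does not change how that account authenticates. If U2F is wanted for specific services, set it on them, e.g. `security.pam.services.login.u2fAuth = true;`. `users.extraUsers.steveej3` reuses `passwords.users.steveej` while `steveej2` has its own entry; if that is not intended it needs its own hash in `passwords.crypt.nix`. Every account built by `mkUser` is in both `wheel` and `docker`, each of which amounts to root here, so the three users are not separated in privilege.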
From: Stefan Junker Date: Sun, 28 Oct 2018 11:23:34 +0100 Subject: [PATCH 27/30] steveej-laptop: enable nested kvm-intel --- nixos-configuration/steveej-laptop/hw.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos-configuration/steveej-laptop/hw.nix b/nixos-configuration/steveej-laptop/hw.nix index a3373dc..992fe47 100644 --- a/nixos-configuration/steveej-laptop/hw.nix +++ b/nixos-configuration/steveej-laptop/hw.nix @@ -12,6 +12,12 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; + boot.extraModprobeConfig = '' + options kvm-intel nested=1 + options kvm-intel enable_shadow_vmcs=1 + options kvm-intel enable_apicv=1 + options kvm-intel ept=1 + ''; boot.extraModulePackages = [ ]; boot.loader.systemd-boot.enable = true; From 3351944d897bef5857759481f04c264cc705e763 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Oct 2018 11:24:00 +0100 Subject: [PATCH 28/30] format fix --- nixos-configuration/steveej-laptop/system.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 0d79a6b..5f0e342 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -5,7 +5,7 @@ let gitpkgs = import /home/steveej/src/github/NixOS/nixpkgs {}; unstablepkgs = import {}; -in +in rec { nix.binaryCachePublicKeys = [ @@ -191,7 +191,7 @@ rec { services.printing = { enable = true; - drivers = [ + drivers = [ pkgs.hplip unstablepkgs.cups-kyodialog3 unstablepkgs.mfcj6510dwlpr @@ -282,7 +282,7 @@ rec { }; # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [ + services.dbus.packages = with pkgs; [ blueman ]; From e22b8af561c60ace8ab33925ae87689136651f17 Mon Sep 17 00:00:00 2001 
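Review bot: The added `boot.extraModprobeConfig` block in `steveej-laptop/hw.nix` has no comment saying why nested virtualisation is switched on. `nested=1` lets guests run their own hypervisors and enlarges the part of KVM that guest code can reach, so the reason belongs next to it, e.g. `# nested=1: <reason placeholder>`. The four `options kvm-intel` lines could be a single line, and `ept`, `enable_apicv` and `enable_shadow_vmcs` are, as far as I know, already enabled by default where the CPU supports them. The identical block is added to `nixos-configuration/live-usb/hw.nix` in patch 26.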
From: Stefan Junker Date: Sun, 28 Oct 2018 11:24:18 +0100 Subject: [PATCH 29/30] steveej-laptop: update to 18.09 --- nixos-configuration/steveej-laptop/system.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos-configuration/steveej-laptop/system.nix b/nixos-configuration/steveej-laptop/system.nix index 5f0e342..3cb446b 100644 --- a/nixos-configuration/steveej-laptop/system.nix +++ b/nixos-configuration/steveej-laptop/system.nix @@ -59,7 +59,7 @@ rec { networking.networkmanager = { enable = true; - useDnsmasq = true; + dns = "dnsmasq"; unmanaged = [ "interface-name:veth*" "interface-name:virbr*" @@ -218,6 +218,8 @@ rec { }; displayManager = { + gdm.enable = false; + lightdm = { enable = true; autoLogin = { From 0b7f8b703b01ca27936bf58878e2ad1e1a5ae6f0 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 28 Oct 2018 11:25:39 +0100 Subject: [PATCH 30/30] tests: add VM tests --- tests/buildvmwithbootloader/debug-vm.sh | 30 +++++++++++++++++++++++++ tests/buildvmwithbootloader/result | 1 + tests/test-vm.nix | 7 ++++++ 3 files changed, 38 insertions(+) create mode 100755 tests/buildvmwithbootloader/debug-vm.sh create mode 120000 tests/buildvmwithbootloader/result create mode 100644 tests/test-vm.nix diff --git a/tests/buildvmwithbootloader/debug-vm.sh b/tests/buildvmwithbootloader/debug-vm.sh new file mode 100755 index 0000000..0d11067 --- /dev/null +++ b/tests/buildvmwithbootloader/debug-vm.sh 
@@ -0,0 +1,30 @@
+# /nix/store/lya9qyl9z5xb4vzdzh4vzcr7gfssk47z-qemu-host-cpu-only-for-vm-tests-2.12.0/bin/qemu-kvm \
+# -cpu \
+# kvm64 \
+# -name \
+# nixos \
+# -m \
+# 384 \
+# -smp \
+# 1 \
+# -device \
+# virtio-rng-pci \
+# -net \
+# nic,netdev=user.0,model=virtio \
+# -netdev \
+# user,id=user.0 \
+# -virtfs \
+# local,path=/nix/store,security_model=none,mount_tag=store \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=xchg \
+# -virtfs \
+# local,path=/tmp/nix-vm.j7eRAzkZvB/xchg,security_model=none,mount_tag=shared \
+# -drive \
+# index=1,id=drive2,file=/tmp/nix-vm.j7eRAzkZvB/disk.img,media=disk,if=virtio \
+# -drive \
+# index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/nixos.qcow2,cache=writeback,werror=report,if=virtio \
+
+
+/nix/store/0i6fr8vv559a50w0vipvd22r0kkg1kx1-qemu-host-cpu-only-for-vm-tests-3.0.0/bin/qemu-kvm -cpu kvm64 -name nixos -m 384 -smp 1 -device virtio-rng-pci -net nic,netdev=user.0,model=virtio -netdev user,id=user.0 -virtfs local,path=/nix/store,security_model=none,mount_tag=store -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=xchg -virtfs local,path=/tmp/nix-vm.BXlbOnli8K/xchg,security_model=none,mount_tag=shared \
+ -drive index=1,id=drive2,file=/tmp/nix-vm.BXlbOnli8K/disk.img,media=disk,if=virtio \
+ -drive index=0,id=drive1,file=/home/steveej/src/steveej/nix-expressions/tests/nixos.qcow2,cache=writeback,werror=report,if=virtio \
diff --git a/tests/buildvmwithbootloader/result b/tests/buildvmwithbootloader/result
new file mode 120000
index 0000000..a5fdbfc
--- /dev/null
+++ b/tests/buildvmwithbootloader/result
@@ -0,0 +1 @@
+/nix/store/xh6p394kh1bncmc3lr6l9fb81284ckhf-nixos-vm
\ No newline at end of file
diff --git a/tests/test-vm.nix b/tests/test-vm.nix
new file mode 100644
index 0000000..d647b3c
--- /dev/null
+++ b/tests/test-vm.nix
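Review bot: `debug-vm.sh` is committed with mode 100755 but has no `#!` line, and its only live command ends in a trailing `\` with nothing after it, so the last `-drive` argument is continued into end-of-file. The command also hard-codes an absolute qemu store path, the `/tmp/nix-vm.BXlbOnli8K` directory of one particular run, and an image path under `/home/steveej`, none of which exist on another machine or after garbage collection. Start the file with `#!/usr/bin/env bash`, drop the final backslash, and take the qemu binary, the temporary directory and the image path from variables. The 25 commented-out lines repeat the same invocation for an older qemu build and could be replaced by one line saying where the command was copied from.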
@@ -0,0 +1,7 @@
+{ lib, config, pkgs, fetchgit, ... }:
+{
+ boot.consoleLogLevel=6;
+ users.users.root.initialPassword = "root";
+ systemd.services."serial-getty@ttyS0".enable = true;
+ networking.firewall.enable = false;
+}
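Review bot: `users.users.root.initialPassword = "root";` combined with `networking.firewall.enable = false;` and the serial getty yields a root account with a guessable password and no packet filter, which is safe only while the VM stays on QEMU user-mode networking with no forwarded ports. A comment such as `# test VM only: do not import into a host configuration` would state that boundary, and the firewall line can be left at its default unless a test needs it off. `fetchgit` in the argument list is not used in the body.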